{"id":378,"date":"2018-07-14T21:04:36","date_gmt":"2018-07-14T21:04:36","guid":{"rendered":"http:\/\/softinite.com\/?p=378"},"modified":"2018-07-14T21:05:27","modified_gmt":"2018-07-14T21:05:27","slug":"dns-over-tls-setup-on-turris-omnia-using-knot-dns-resolver","status":"publish","type":"post","link":"http:\/\/softinite.com\/?p=378","title":{"rendered":"DNS over TLS setup on Turris Omnia using Knot DNS Resolver"},"content":{"rendered":"<p>Information extracted from <a href=\"https:\/\/forum.turris.cz\/t\/using-dns-over-tls-or-https\/6996\/21\">here<\/a>.<\/p>\n<p>Go to the Foris DNS tab, make sure that \u201cUse forwarding\u201d is not checked, and save.<\/p>\n<p>Download the needed CA certificate onto the Omnia and convert it from DER to PEM. From \/root:<\/p>\n<p>&lt;code&gt;<\/p>\n<p>wget https:\/\/www.digicert.com\/CACerts\/DigiCertECCSecureServerCA.crt<\/p>\n<p>openssl x509 -inform der -in DigiCertECCSecureServerCA.crt -out DigiCertECCSecureServerCA.pem<\/p>\n<p>&lt;\/code&gt;<\/p>\n<p>Copy the PEM file into \/etc\/ssl\/certs:<\/p>\n<p>&lt;code&gt;<\/p>\n<p>cp DigiCertECCSecureServerCA.pem \/etc\/ssl\/certs\/DigiCertECCSecureServerCA.pem<\/p>\n<p>&lt;\/code&gt;<\/p>\n<p>Create the configuration file \/etc\/kresd\/custom.conf with content:<br \/>\n&lt;code&gt;<br \/>\npolicy.add(policy.all(<br \/>\npolicy.TLS_FORWARD({<br \/>\n{'1.1.1.1', hostname='cloudflare-dns.com', ca_file='\/etc\/ssl\/certs\/DigiCertECCSecureServerCA.pem'},<br \/>\n{'1.0.0.1', hostname='cloudflare-dns.com', ca_file='\/etc\/ssl\/certs\/DigiCertECCSecureServerCA.pem'}<br \/>\n})<br \/>\n))<br \/>\n&lt;\/code&gt;<br \/>\nThe resolver needs to know where to find the rule, so edit \/etc\/config\/resolver, adding the following line at the end of the config resolver 'kresd' section:<br \/>\n&lt;code&gt;<br \/>\noption include_config '\/etc\/kresd\/custom.conf'<br \/>\n&lt;\/code&gt;<br \/>\nRestart the resolver with the following 
command:<br \/>\n&lt;code&gt;<br \/>\n\/etc\/init.d\/resolver restart<br \/>\n&lt;\/code&gt;<br \/>\nYou are all done. You should now be using DNS over TLS via Cloudflare\u2019s 1.1.1.1.<\/p>\n<p>One can confirm this by testing for DNS leaks at dnsleaktest.com.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Information extracted from <a href=\"https:\/\/forum.turris.cz\/t\/using-dns-over-tls-or-https\/6996\/21\">here<\/a>.<\/p>\n<p>Go to the Foris DNS tab, make sure that \u201cUse forwarding\u201d is not checked, and save.<\/p>\n<p>Download the needed CA certificate onto the Omnia and convert it from DER to PEM. From \/root:<\/p>\n<p>&lt;code&gt;<\/p>\n<p>wget https:\/\/www.digicert.com\/CACerts\/DigiCertECCSecureServerCA.crt<\/p>\n<p>openssl x509 -inform der -in &#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[13],"tags":[20,19,22,21,18],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7uKYI-66","_links":{"self":[{"href":"http:\/\/softinite.com\/index.php?rest_route=\/wp\/v2\/posts\/378"}],"collection":[{"href":"http:\/\/softinite.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/softinite.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/softinite.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/softinite.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=378"}],"version-history":[{"count":4,"href":
"http:\/\/softinite.com\/index.php?rest_route=\/wp\/v2\/posts\/378\/revisions"}],"predecessor-version":[{"id":382,"href":"http:\/\/softinite.com\/index.php?rest_route=\/wp\/v2\/posts\/378\/revisions\/382"}],"wp:attachment":[{"href":"http:\/\/softinite.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=378"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/softinite.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=378"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/softinite.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=378"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}